(Jul 14) This update fixes several vulnerabilities in Imagemagick, a graphical software suite. Various memory handling problems or incomplete input sanitising could result in denial of service or the execution of arbitrary code.
(Jul 13) Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
On Python’s BDFL Guido van Rossum, his dedication to the Python community, PEP 572 and hope for a healthy outcome for the language, open source and the computing world in general.
Python is an amazing programming language, there’s no doubt about it.
From humble beginnings in 1991, it’s now just about
everywhere. Whether you’re doing web development, system
administration, test automation, devops or data science, odds are
good that Python is playing a role in your work.
Even if you’re not using Python directly, odds are good that it
is being used behind the scenes. Using OpenStack? Python plays an
integral role in its development and configuration. Using Dropbox on
your computer? Then you’ve got a copy of Python running on your
computer. Using Linux? When I purchased Red Hat Linux back in 1995,
the configuration was a breeze—thanks to visual tools developed in
And, of course, there are numerous schools and educational programs
that are now teaching Python. MIT’s intro computer science course switched
several years ago from Scheme to Python, and thousands of universities
all over the world made a similar switch in its wake. My 15-year-old daughter
participates in a program for technology and entrepreneurship—and
she’s learning Python.
There currently is an almost insatiable demand for Python
developers. Indeed, Stack Overflow reported last year that Python is
not only the most popular language on its site, but it’s also the
fastest-growing language. I can attest to this popularity in my own
job as a freelance Python trainer. Some of the largest computer
companies in the world are now using Python on a regular basis, and
their use of the language is growing, not shrinking.
Normally, a technology with this much impact would require a large and
active marketing department. But Python is (of course) open-source
software, and its success is the result of a large number of
contributors—to the core language, to its documentation, to
libraries and to the numerous blogs, tutorials, articles and videos
available online. I often remind my students that people often think
of “open source” as a synonym for “free of charge”, but that they
should instead think of it as a synonym for “powered by the
community”—and there’s no doubt that the Python community is strong.
Such a strong community doesn’t come from nowhere. And there’s no
doubt that Guido van Rossum, who created Python and has led its
development ever since, has been a supremely effective community
organizer and leader.
When you want to find or install a Snap app you’re supposed to head to Ubuntu Software, which is part of the default Ubuntu desktop. But if I’m being honest Ubuntu Software sucks. It’s slow. The layout isn’t great for discovery. And Ubuntu’s instance on listing (often irrelevant) Snap apps at the top of any and […]
Pydio Cells is a brand-new product focused on the needs of enterprises and
large organizations, brought to you from the people who launched the concept
of the open-source
file sharing and synchronization solution in 2008. The concept behind
Pydio Cells is challenging: to be to file sharing what Slack has been to
chats—that is, a revolution in terms of the number of features, power and ease of
In order to reach this objective, Pydio’s development team has switched
from the old-school development stack (Apache and PHP) to Google’s Go
language to overcome the bottleneck represented by legacy technologies.
Today, Pydio Cells offers a faster, more scalable microservice architecture
that is in tune with dynamic modern enterprise environments.
In fact, Pydio’s new “Cells” concept delivers file sharing as a
modern collaborative app. Users are free to create flexible group spaces for
sharing based on their own ways of working with dedicated in-app messaging
for improved collaboration.
In addition, the enterprise data management functionality gives both
companies and administrators reassurance, with controls and reporting that
directly answer corporate requirements around the General Data Protection
Regulation (GDPR) and other tightening data
Pydio Loves DevOps
In tune with modern enterprise DevOps environments, Pydio Cells now runs as
its own application server (offering a dependency-free binary, with no need for
external libraries or runtime environments). The application is available as
a Docker image, and it offers out-of-the-box connectors for
containerized application orchestrators, such as Kubernetes.
Also, the application has been broken up into a series of logical
microservices. Within this new architecture, each service is allocated its
own storage and persistence, and can be scaled independently. This enables
you to manage and scale Pydio
more efficiently, allocating resources to each
The move to Golang has delivered a ten-fold improvement in performance. At
the same time, by breaking the application into logical microservices, larger
users can scale the application by targeting greater resources only to the
services that require it, rather than inefficiently scaling the entire
Built on Standards
The new Pydio Cells architecture has been built with a renewed focus on the
most popular modern open standards:
News briefs for July 13, 2018.
Google’s Chrome browser is launching site isolation, “the most ambitious mitigation for
Spectre attacks”, Ars
Technica reports. Site isolation “segregates code and data from each
Internet domain into their own ‘renderer processes’, which are individual
browser tasks that aren’t allowed to interact with each other”. This has been
optional in Chrome for months, but starting with version 67, it will be
enabled by default for 99% of users.
The Linux Foundation yesterday launched LF
Energy, a new open-source coalition. According to the press release, LF
Energy was formed “with support from RTE, Europe’s biggest transmission
power systems provider, and other organizations, to speed technological
innovation and transform the energy mix across the world.” Visit https://www.lfenergy.org for more
0.7.0 of Kube,
the “modern communication and collaboration client”, is
Improvements include “a conversation view that
allows you to read through conversations in chronological order”; “a
conversation list that bundles all messages of a conversation (thread)
together”; “automatic attachment of own public key”; “the account setup can
be fully scripted through the sinksh commandline interface”; and more. See kube.kde.org for more info.
new iOS and Android apps for its Nativ Vita Hi-Res Music Server. The new
apps, available from the Google
Play Store, “give customers convenient control and playback
functionality from their iOS or Android Smartphone or Tablet”.
the third stability update for KDE Applications 18.04
yesterday. The release contains translation updates and bug fixes only,
including improvements to Kontact, Ark, Cantor, Dolphin, Gwenview, KMag, among
others. The full list of changes is available here.
NVIDIA announced its Jetson Xavier Developer Kit for the octa-core
AI/robotics-focused Xavier module. According to Linux
Gizmos, “the kit, which
goes on sale for $1,300 in August, offers the first access to Xavier aside
from the earlier Drive PX Pegasus autonomous car computer board, which
incorporates up to 4x Xavier modules. The kit includes Xavier’s
Linux-based stack and Isaac SDK.”
the winners of 2018H1 Mozilla Research grants. Eight proposals were
selected, “ranging from tools to fight online harassment to systems for
generating speech. All these projects support Mozilla’s mission to make
the Internet safer, more empowering, and more accessible.” See the Research Grants page
for more info on the grants and how to apply.
New businesses with software at their core are being created every day. Developers are the lifeblood of so much of what is being built and of technological innovation, and they are ever more vital to operations across the entire business. So why wouldn’t we empower them?
Machine learning and IoT in particular offer huge opportunities for developers, especially those facing the crowded markets of other platforms, to engage with a sizeable untapped audience.
That Linux is open source makes it an amazing breeding ground for innovation. Developers aren’t constrained by closed ecosystems, meaning that Linux has long been the operating system of choice for developers. So by engaging with Linux, businesses can attract the best available developer skills.
The Linux ecosystem has always strived for a high degree of quality. Historically it was the Linux community taking sole responsibility for packaging software, gating each application update with careful review to ensure it worked as advertised on each distribution of Linux. This proved difficult for all sides.
Broad access to the code was needed, and open-source software could be offered through the app store. User support requests and bugs were channelled through the Linux distributions, and there was such a volume of reporting, it became difficult to feed information back to the appropriate software authors.
As the number of applications and Linux distributions grew, it became increasingly clear this model would not scale much further. Software authors took matters into their own hands, often picking a single Linux distribution to support and skipping the app store entirely. Because of this, they lost app discoverability and gained the complexity of running duplicative infrastructure.
This placed increased responsibility on developers at a time when the expectations of their role was already expanding. They are no longer just makers, they now bear the risk of breaking robotic arms with their code or bringing down MRI machines with a patch.
As an industry we acknowledge this problem—you can potentially have a bad update and software isn’t an exact science—but we then ask these developers to roll the dice. Do you risk compromise or self-inflicted harm?
Meanwhile the surface area increases. The industry continues a steady march of automation, creating ever more software components to plug together and layer solutions on. Not only do developers face the update question for their own code, they also must trust all developers facing that same decision in all the code beneath their own.
(Jul 12) An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from
(Jul 12) Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
(Jul 12) Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,